Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 4e42226)
map: api: fix tag overflow and leak 03/28303/1
authorBenoît Ganne <bganne@cisco.com>
Tue, 21 Jan 2020 17:24:44 +0000 (18:24 +0100)
committerAndrew Yourtchenko <ayourtch@gmail.com>
Wed, 12 Aug 2020 15:59:46 +0000 (15:59 +0000)
The 'tag' parameter is expected to be a NULL-terminated C-string in
callees:
 - make sure it is null-terminated in both API and CLI cases
 - do not allocate & copy the string into a non-NULL-terminated vector
   in API case
 - fix leak in CLI case

Type: fix

Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 3b37125bdb0251181f90a429a4532b339711cf89)

src/plugins/map/map.c patch | blob | history
src/plugins/map/map_api.c patch | blob | history

diff --git a/src/plugins/map/map.c b/src/plugins/map/map.c
index a214228..5a9cd7f 100644 (file)
--- a/src/plugins/map/map.c
+++ b/src/plugins/map/map.c
@@ -551,7 +551,7 @@ map_add_domain_command_fn (vlib_main_t * vm,
        num_m_args++;
       else if (unformat (line_input, "mtu %d", &mtu))
        num_m_args++;
-      else if (unformat (line_input, "tag %v", &tag))
+      else if (unformat (line_input, "tag %s", &tag))
        ;
       else
        {
@@ -573,6 +573,7 @@ map_add_domain_command_fn (vlib_main_t * vm,
                     mtu, flags, tag);
 
 done:
+  vec_free (tag);
   unformat_free (line_input);
 
   return error;
diff --git a/src/plugins/map/map_api.c b/src/plugins/map/map_api.c
index b73f14a..c2b3712 100644 (file)
--- a/src/plugins/map/map_api.c
+++ b/src/plugins/map/map_api.c
@@ -54,7 +54,7 @@ vl_api_map_add_domain_t_handler (vl_api_map_add_domain_t * mp)
   u32 index;
   u8 flags = 0;
 
-  u8 *tag = format (0, "%s", mp->tag);
+  mp->tag[ARRAY_LEN (mp->tag) - 1] = '\0';
   rv =
     map_create_domain ((ip4_address_t *) & mp->ip4_prefix.address,
                       mp->ip4_prefix.len,
@@ -62,8 +62,9 @@ vl_api_map_add_domain_t_handler (vl_api_map_add_domain_t * mp)
                       mp->ip6_prefix.len,
                       (ip6_address_t *) & mp->ip6_src.address,
                       mp->ip6_src.len, mp->ea_bits_len, mp->psid_offset,
-                      mp->psid_length, &index, ntohs (mp->mtu), flags, tag);
-  vec_free (tag);
+                      mp->psid_length, &index, ntohs (mp->mtu), flags,
+                      mp->tag);
+
   /* *INDENT-OFF* */
   REPLY_MACRO2(VL_API_MAP_ADD_DOMAIN_REPLY,
   ({
Vector Packet Processing